First of all want to say sorry for my bad english (Primary language is dutch)

Well im 25 years old live in Belgium, my work is helpdesk for internet related problems that goes from Network settings, wireless, on the windows enviremont.

i have this feeling lately this aint the right job for me i want more i whas thinking in the direction from security, network admin, pen testing,

Few years ago i got my certifaction CNA1 (

I want to setup up a lab for some testing and to get some knowledge about how's and why's. I have only 1 laptop with winxp home on it yet with 1024 of ram so installed Vmware workstation 6 to it, so basically i could make a virtual network on this laptop with that software?

I whas thinking for the attacking PC (BT2 or maybe BT3), and the victim Windows2000server, or windows2003, Vista?to start with.

I'm also reading now: Sybex - TCPIP jumpstart

Anyone else have any other recommandions for books i could read after i'm finish with this one (ie Windows2000,2003 server, vista, linux or security,..)I want also learn a progamming language i whas thinking about C

Last edited by chris25 on Mon Jan 14, 2008 11:18 am, edited 1 time in total.

Sounds to me like you're on the right path. You're setting up a lab, you have some networking fundamentals behind you, and you're interested in security and the 'how and why' aspects. One thing I might suggest, is if you can swing it put together a separate box or two with even used parts, and connect it in a real LAN with a cheapy switch. You can cobble together a box for less than 200 bucks. And it will react as a box actually would, without any possible glitches from vmware. Other suggestion, perhaps toss linux on one of those boxes, or one of your vmware boxes. Linux is definately becoming more popular this year, and you'll be runninga ccross more linux as time goes on, along with Mac OS's. Nice thing about testing Linux distros.. is they are free, and so are all the programs you will want to run on them for testing purposes. Apache servers etc. It sounds like you were interested in certs before, there are some decent security certs out there as well you may wish to look into. This site has quite a few discussed on it, and commentary by professionals on each. Welcome to EHN.

I'll also welcome you to EH-Net and remark that you are on the right track... and your English is pretty good, too.

I'll also agree wholeheartedly with g00d_4sh. Having you build some kind of cheap box and get a cheap switch for your lab will also help. All the free stuff you can get for Linux is also a plus, but I'll exapnd. You can get free Linux software for firewalls, IDS/IPS, logging, patch management, vulnerability testing, etc etc in addition to the pen testing tools. This will give you a broader view of network security.

Backtrack is good to start with to get a feel of some tools, but later you should download a good distro of linux and install all your tools yourself. This will give you a much deeper understanding of linux which is important. For the first time linux users I recommend Ubuntu.Thats my 2 cents.

Yep Kev, that's exactly where I am now. I just put Ubuntu on my new lappy, and have been working through the learning curve of trying to get all my hardware working, and all my favorite programs from BT3 installed and working properly. It's a great learning experience.

i found another desktop at my dad's house, that i could use and a wireless router. Going to install tommorow a copie of win2000 server (not updated first ) will install each SP after i'm satisfied with the information i have and vmware with as client a windows xp box

after that going to launch some basic attacks first some port scanning with nmap on BT 3 box see what port's are open, and how's and why's for those ports. Also going to write down each step i do and some short information

After all that is done and I'm satisfied, i'm going to do some Wireless attacks with the wireless router i have (netgear version slip my mind atm hehe) with the same setup maybe a Windows2003 server with some vista client's, and later on going to do some pen testing on linux boxes,

These are the things that i'm going start with.

Aye Really want some more cert, but due the finance atm ( have 3week old son, and the rent kinda not cheap in belgium) it need to wait

Almost done with the Sybex - Tcp/ip jumpstartthink next book would be "Hacking for dummies"Or do someone have any other recommandions?

Ahhhh, Belgium! Nice, very nice. Some of the bests beers I've had have come from there. If you ever end up going to one of the conferences and meeting up with EHN peeps.... feel free to bring some good dark beer. MMmmmmm.

Thats a cheap beer? Shows you what I know! Any way, why learn C? Hmmm, its the foundation of Linux and many exploits. It will separate you from the huge sea of script kiddies. Is there a sea? Put up a honey pot for even 10 minutes and you will see. GOOD LORD! Yes there are a lot of people knocking on the door.

Last edited by Kev on Tue Jan 15, 2008 5:12 am, edited 1 time in total.

Heh, I had someone running probes against my laptop this weekend while I was connected.. started getting firewall pop ups from attempted connections. Don't even really need a honeypot to see that people (or bots) are out there searching away. It's kind of freaky.